About `html-to-one-pptx` is a Claude Code Skill that automates the entire pipeline from an HTML design file to a `.pptx` slide.

This skill appears to do what it says, but there are important operational and safety gaps you should address before installing or running it: - Expect to need python3, node (npm), and Python/Node libraries: merge_slides.py uses lxml, and the JS toolchain expects pptxgenjs and may use react, react-dom, react-icons and sharp. The skill metadata does not declare these — confirm and provision them in a controlled environment. - The runtime requires executing agent-written JavaScript (tmp/gen.js) with 'node'. Always review the generated gen.js before running it; run the whole pipeline in an isolated/sandboxed environment (container or VM) to avoid executing unintended code or allowing network access. - Be cautious about network/URL usage: pptxgenjs supports images by URL and JS can fetch remote resources. If you need to avoid data exfil or SSRF, block outbound network access for the conversion container or disallow remote image URLs. - Validate merge_slides outputs on non-sensitive sample files first. merge_slides.py manipulates ZIP internals and XML — test it on benign inputs to ensure it behaves as you expect. - Ask the publisher to update the skill metadata to list required binaries and dependencies, or provide an install spec. If you cannot verify dependencies and generated code, treat the skill as untrusted and run it only in an isolated environment. If you want, I can list the concrete packages and commands to prepare a safe sandbox (Dockerfile or a checklist) and point out exact lines in the scripts to double-check for network calls or dangerous operations.